You do not need to modify any of those files..
Ill run you through the full process on how to setup so it may help new users using ISPConfig,
On ISPConfig3
on, Sites, and then clicking your domain, and the SSL Tab,
Now, entering your SSL info and clicking the SAVE button to generate a SELF SIGNED SSL CERT,
for the “SSL Key”, “SSL Request” and “SSL Certificate” to appear.
(may take up to 2 mins or less to appear)
When asked for the CSR code for SSL on your website site, You copy the SSL Request into the CSR code box from ispconfig3 and your website SSL section to comodo's website CSR code box..
Please note that the certificate signing request (CSR) code, is in the "SSL Request" field.
To better familarize you,
The “RSA Key” is in the “SSL Key” field.
At some point Comodo will send an email with the activation
code and instructions where to enter it. This is a sample email:
**Domain Control Validation for www.example.com
Dear your-email@whatevermail.com
We have received a request to issue an SSL certificate for www.example.com.
Please ignore this email if neither you nor a trusted colleague made this
request for a certificate
Otherwise, please browse here and enter the following "validation code":
JH9Jrdtejfvsaas6234rgjfse7wjhge7
Click on the link and enter the validation code.
After a few minutes Comodo will send you another email with an attachment
containing four text files you were mentioning:
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
www_example_com.crt
The trusted SSL Certificate is part of this email.
Download and extract to your PC,
inside the www_example_com.crt file.
edit it with your text editor (notepad++ if on windows or vi, nano etc on linux.)
and Copy all code into the “SSL Certificate” field, in IspConfig3.
The other three files are used to create the “SSL Bundle”.
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
You need to combine the files in the following order to use on Ispconfig3.
Again using your text editor: Open all these files:
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
Combine all of them... To Combine, Copy all code from each file, One by One In Order, into a new text file, to be sure you have everything correct.
combining should look something like this:
-----BEGIN CERTIFICATE-----
your cert code blah blah xx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
your cert code blah blah xx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
your cert code blah blah xx
-----END CERTIFICATE-----
After you combine the three files of code in one file,
Copy all the code, and enter the text in the “SSL Bundle” field.
Select “Save Certificate” and click SAVE.
(Wait 2 mins or less for changes,)
then Use this tool to check if the SSL was correctly installed:
https://www.sslshopper.com/ssl-checker.html
Use this tool to check if the installed SSL is of type SHA-2:
https://shaaaaaaaaaaaaa.com/
Ubuntu's open source nature does not make it immune from the same kind of issue, where an OEM may have added malware (accidentally or deliberately), whether that be additional CA certificates or otherwise, on the images it distributes pre-installed on computers.
If you install Ubuntu yourself there are a number of measures against malicious modification by third parties: If you obtain an image of Ubuntu from an official Ubuntu source you can verify its checksum, and if you keep Ubuntu updated using APT with the official repositories you benefit from its built-in digital signing, assuring you that the images have not been tampered with by third-parties.
However, as you may suspect if Ubuntu is pre-installed by an OEM they have almost certainly made modifications to it aside from just installing the official images, for quite legitimate reasons. If bought from a trusted source it would be very unlikely that the installation would include malware, possibly even more unlikely than the typical Windows installation, but there is nothing that would make it impossible, and you only need to look at the examples from Lenovo and Dell to see how that might happen.
As for whether you need to worry, you can judge for yourself. Wiping and reinstalling from an official Ubuntu installer might quell some fears, though you will lose any OEM-specific customisation or extra functionality.
I can't answer your question about whether Ubuntu/Canonical try to police any changes to root certificate stores on OEM's derived installations, but I can't see how that would be feasible to do comprehensively enough.
Best Answer
Yes, this certificate looks suspicious. It might be that somebody is messing with your network and trying man-in-the-middle attacks. Please check if other hosts in the network are affected too.
If no other host is affected try to find out when exactly you get this message, that is which host gets accessed in this case. It might also be that there is a router or similar device in your network with an expired certificate and for whatever reason you are trying to access this host.